/*
 * Copyright (C) 2015-2020, Wazuh Inc.
 *
 * This program is free software; you can redistribute it
 * and/or modify it under the terms of the GNU General Public
 * License (version 2) as published by the FSF - Free Software
 * Foundation.
 */

#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
#include <cmocka.h>
#include <stdio.h>

#include "../../wazuh_modules/wmodules.h"
#include "../../wazuh_modules/vulnerability_detector/wm_vuln_detector.h"
#include "../../wrappers/externals/sqlite/sqlite3_wrappers.h"
#include "../../headers/shared.h"
#include "mocks_wm_vuln_detector.h"

void wm_vuldet_free_agent_software(agent_software *agent);

char *wm_vuldet_clean_version(const char *version);
int vw_vuldet_filter_vulnerabilities(vu_feed feed, const char *vendor, const char *target_sw);
int wm_vuldet_check_generic_package(sqlite3 *dbCVE, vu_feed feed, char *pkg_name, char *pkg_source, char *pkg_version, char *pkg_arch, char *pkg_vendor, OSHash *cve_table, int8_t name_type, int *vuln_count);
int wm_vuldet_check_specific_package(sqlite3 *dbCVE, vu_feed feed, char *pkg_name, char *pkg_source, char *pkg_version, char *pkg_arch, char *pkg_vendor, OSHash *cve_table, int8_t name_type, int *vuln_count);
int wm_vuldet_get_children(sqlite3 * dbCVE, int configuration_id, int package_id, int *children);
int wm_vuldet_get_siblings(sqlite3 * dbCVE, int parent, int configuration_id, int *siblings);

/* setup */

static int setup_version(void **state) {
    char *version;

    os_calloc(15, sizeof(char*), version);

    if(!version) {
        return -1;
    }

    state[0] = version;

    return 0;
}

static int setup_agent_software(void **state) {
    agent_software *agent = calloc(1, sizeof(agent_software));

    if(!agent) {
        return -1;
    }

    agent->agent_id = strdup("000");
    *state = agent;

    return 0;
}

static int setup_children(void **state) {

    int *children;

    os_calloc(1, sizeof(int), children);

    if(!children)
        return -1;

    state[0] = children;

    return 0;

}

static int setup_siblings(void **state) {

    int *siblings;

    os_calloc(1, sizeof(int), siblings);

    if(!siblings)
        return -1;

    state[0] = siblings;

    return 0;

}

/* teardown */

static int teardown_version(void **state) {
    char *version = state[0];

    if(version) {
        free(version);
    }

    return 0;
}

static int teardown_agent_software(void **state) {
    agent_software *agent = *state;

    if(agent) {
        wm_vuldet_free_agent_software(agent);
    }

    return 0;
}

static int teardown_children(void **state) {
    int *children = state[0];

    if(children) {
        free(children);
    }

    return 0;
}

static int teardown_siblings(void **state) {
    int *siblings = state[0];

    if(siblings) {
        free(siblings);
    }

    return 0;
}

/* tests */

/* wm_vuldet_clean_version */

void test_wm_vuldet_clean_version_complete(void **state)
{
    char *version = state[0];

    strcpy(version,"1:test-release");

    char* ret = wm_vuldet_clean_version(version);
    assert_string_equal(ret, "test");

    os_free(ret);
}

void test_wm_vuldet_clean_version_no_epoch(void **state)
{
    char *version = state[0];

    strcpy(version,"test-release");

    char* ret = wm_vuldet_clean_version(version);
    assert_string_equal(ret, "test");

    os_free(ret);
}

void test_wm_vuldet_clean_version_no_release(void **state)
{
    char *version = state[0];

    strcpy(version,"1:test");

    char* ret = wm_vuldet_clean_version(version);
    assert_string_equal(ret, "test");

    os_free(ret);
}

void test_wm_vuldet_clean_version_no_epoch_release(void **state)
{
    char *version = state[0];

    strcpy(version,"test");

    char* ret = wm_vuldet_clean_version(version);
    assert_string_equal(ret, "test");

    os_free(ret);
}

/* wm_vuldet_get_children */

void test_wm_vuldet_get_children_prepare_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int package_id = 0;
    int *children = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'children' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_get_children(db, configuration_id, package_id, children);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_get_children_done(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int package_id = 0;

    int *children = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_get_children(db, configuration_id, package_id, children);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_get_children_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int package_id = 0;

    int *children = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_get_children(db, configuration_id, package_id, children);
    assert_int_equal(ret, 0);
}

/* wm_vuldet_get_siblings */

void test_wm_vuldet_get_siblings_prepare_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int parent = 0;

    int *siblings = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'siblings' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_get_siblings(db, configuration_id, parent, siblings);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_get_siblings_done(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int parent = 0;

    int *siblings = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_get_siblings(db, configuration_id, parent, siblings);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_get_siblings_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    int configuration_id = 0;
    int parent = 0;

    int *siblings = state[0];

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_get_siblings(db, configuration_id, parent, siblings);
    assert_int_equal(ret, 0);
}

/* test vw_vuldet_filter_vulnerabilities */

void test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Ubuntu(void **state)
{
    (void) state;
    vu_feed feed = FEED_UBUNTU;
    const char *vendor = "redhat";
    const char *target_sw = "*";

    int ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw);

    assert_int_equal(ret, 1);
}

void test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Debian(void **state)
{
    (void) state;
    vu_feed feed = FEED_DEBIAN;
    const char *vendor = "redhat";
    const char *target_sw = "*";

    int ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw);

    assert_int_equal(ret, 1);
}

void test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Redhat(void **state)
{
    (void) state;
    vu_feed feed = FEED_REDHAT;
    const char *vendor = "debian";
    const char *target_sw = "*";

    int ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw);

    assert_int_equal(ret, 1);
}

void test_vw_vuldet_filter_vulnerabilities_target_sw_not_whitelist(void **state)
{
    (void) state;
    vu_feed feed = FEED_DEBIAN;
    const char *vendor = "vendor";
    const char *target_sw = "jenkins";

    int ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw);

    assert_int_equal(ret, 1);
}

void test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_OK(void **state)
{
    (void) state;
    vu_feed feed = FEED_DEBIAN;
    const char *vendor = "vendor";
    const char *target_sw = "*";

    int ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw);

    assert_int_equal(ret, 0);
}

void test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_mac_OK(void **state)
{
    (void) state;
    vu_feed feed = FEED_MAC;
    const char *vendor = "vendor";
    const char *target_sw[] = {
        "*",
        "mac",
        "mac_os",
        "mac_os_x",
        "macos"
    };
    int size_array = array_size(target_sw);
    int i;
    int ret;

    for (i = 0; i < size_array; i++) {
        ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw[i]);
        assert_int_equal(ret, 0);
    }
}

void test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_mac_Err(void **state)
{
    (void) state;
    vu_feed feed = FEED_MAC;
    const char *vendor = "vendor";
    const char *target_sw[] = {
        "linux",
        "linux_kernel",
        "mupdf",
        "gpl_ghostscript"
    };
    int size_array = array_size(target_sw);
    int i;
    int ret;

    for (i = 0; i < size_array; i++) {
        ret = vw_vuldet_filter_vulnerabilities(feed, vendor, target_sw[i]);
        assert_int_equal(ret, 1);
    }
}

/* test wm_vuldet_check_generic_package */

void test_wm_vuldet_check_generic_package_prepare_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = NULL;
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'generic' vulnerabilities of the package 'test'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_generic_package_done(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = NULL;
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_skip(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = NULL;
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "redhat");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_start_including_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (0.0.0) not 'greater than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_start_including_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'greater than or equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_start_excluding_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (0.0.0) not 'greater than' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_start_excluding_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'greater than' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_no_starts_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "2.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (2.0.0) not 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_no_starts_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_end_including_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "2.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (2.0.0) not 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_end_including_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_end_excluding_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "2.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (2.0.0) not 'less than' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_end_excluding_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_no_ends_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "2.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (1.0.0) not 'greater than or equal' '2.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_generic_package_no_ends_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'greater than or equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_no_starts_no_ends_children(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

//Children
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '*' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_no_children_no_siblings(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_children_invalid(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Children
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'children' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_generic_package_children_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Children
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_siblings_invalid(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'siblings' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_generic_package_siblings_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_ignore_package(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);

    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,-1);
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5572): Couldn't insert the package 'test' into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);

    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_duplicated_package(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,1);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5459): Trying to insert duplicated package 'test' into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_Ubuntu(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "ubuntu_linux";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "ubuntu_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "canonical");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'ubuntu_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_Debian(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "debian_linux";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "debian_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "debian");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'debian_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_RedHat(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "enterprise_linux";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "enterprise_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "redhat");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'enterprise_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_linux_kernel(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "linux_kernel";
    char *pkg_version = "1.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "linux_kernel");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "linux");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-0000-0000'. Version (1.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_mac_os_x(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os_x";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.10.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os_x' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'less than or equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_mac_os_x_server(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os_x_server";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x_server");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.10.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os_x_server' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'less than or equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_mac_os(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.10.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'less than or equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_macos(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "macos";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "macos");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.10.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'macos' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'less than or equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_mac_no_vendor(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "safari";
    char *pkg_version = "2.1.3";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "2.2.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (2.1.3) 'less than or equal' '2.2.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_generic_package_insert_package_mac_with_vendor(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "safari";
    char *pkg_version = "2.1.3";
    char *pkg_arch = NULL;
    char *pkg_vendor = "apple";
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "2.2.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (2.1.3) 'less than or equal' '2.2.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_generic_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

/* test wm_vuldet_check_specific_package */

void test_wm_vuldet_check_specific_package_pkg_version_NULL(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = NULL;
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5576): Missing version for package 'test' of the inventory.");

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_specific_package_prepare_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'specific' vulnerabilities of the package 'test'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_specific_package_done(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_specific_package_skip(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "node.js");       //target_sw

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_specific_package_no_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int *vuln_count = NULL;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'test' not vulnerable to 'CVE-0000-0000'. Version (0.0.0) not 'equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_check_specific_package_vulnerable(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_no_children_no_siblings(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_children_invalid(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Children
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'children' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_specific_package_children_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "AND");     //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Children
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_siblings_invalid(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5571): Couldn't get from the NVD the 'siblings' dependencies of the package with ID '0'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_check_specific_package_siblings_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_os_package_valid(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "ubuntu_linux";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "ubuntu_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "canonical");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,-1);
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5572): Couldn't insert the package 'ubuntu_linux' into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_ignore_package(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "ubuntu_linux";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "ubuntu_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "canonical");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_error(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,-1);
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5572): Couldn't insert the package 'test' into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_duplicated_package(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = NULL;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,1);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5459): Trying to insert duplicated package 'test' into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_OK(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "test";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "test");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'test' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_Ubuntu(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "ubuntu_linux";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "ubuntu_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "canonical");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'ubuntu_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_Debian(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "debian_linux";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "debian_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "debian");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'debian_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_RedHat(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "enterprise_linux";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "enterprise_linux");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "redhat");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'enterprise_linux' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_linux_kernel(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "linux_kernel";
    char *pkg_version = "0.0.0";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "linux_kernel");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "linux");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_DEBIAN, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_mac_os_x(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os_x";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%10.15.1%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os_x' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_mac_os_x_server(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os_x_server";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x_server");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%10.15.1%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os_x_server' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_mac_os(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "mac_os";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%10.15.1%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_macos(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "macos";
    char *pkg_version = "10.15.1";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "macos");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%10.15.1%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "10.15.1");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'macos' inserted into the vulnerability 'CVE-0000-0000'. Version (10.15.1) 'equal' '10.15.1' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_mac_no_vendor(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "safari";
    char *pkg_version = "2.1.3";
    char *pkg_arch = NULL;
    char *pkg_vendor = NULL;
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%2.1.3%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 4);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "2.1.3");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (2.1.3) 'equal' '2.1.3' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

void test_wm_vuldet_check_specific_package_insert_package_mac_with_vendor(void **state)
{
    sqlite3 *db = (sqlite3 *)1;
    sqlite3_stmt *stmt = NULL;

    char *pkg_name = NULL;
    char *pkg_source = "safari";
    char *pkg_version = "2.1.3";
    char *pkg_arch = NULL;
    char *pkg_vendor = "apple";
    OSHash *cve_table = (OSHash *)1;
    int8_t name_type = PACKAGE_SOURCE;
    int i = 1;
    int *vuln_count = &i;

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%2.1.3%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 4);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "2.1.3");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (2.1.3) 'equal' '2.1.3' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    int ret = wm_vuldet_check_specific_package(db, FEED_MAC, pkg_name, pkg_source, pkg_version, pkg_arch, pkg_vendor, cve_table, name_type, vuln_count);
    assert_int_equal(ret, 1);
}

/* wm_vuldet_linux_nvd_vulnerabilities */
void test_wm_vuldet_linux_nvd_vulnerabilities_prepare_error(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5569): Couldn't get the packages of the agent '000'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_done(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '0' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_no_source_no_name(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL,1);         //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '0' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_source_generic_invalid(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 2);
    will_return_count(__wrap_sqlite3_column_text, "source",2);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_prepare_error
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'generic' vulnerabilities of the package 'source'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_source_specific_invalid(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 2);
    will_return_count(__wrap_sqlite3_column_text, "source",2);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'source' inserted into the vulnerability 'CVE-0000-0000'. Version (0.1.1) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_prepare_error
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'specific' vulnerabilities of the package 'source'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_source_no_vulnerable(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 2);
    will_return_count(__wrap_sqlite3_column_text, "source",2);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "2.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_end_including_no_vulnerable()
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'source' not vulnerable to 'CVE-0000-0000'. Version (1.1.1) not 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_no_vulnerable()
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%1.1.1%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'source' not vulnerable to 'CVE-0000-0000'. Version (1.1.1) not 'equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '0' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_source_vulnerable(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 2);
    will_return_count(__wrap_sqlite3_column_text, "source",2);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'source' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'source' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '2' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_name_generic_invalid(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL,1);         //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_prepare_error
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'generic' vulnerabilities of the package 'name'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_name_specific_invalid(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL,1);         //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "name");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'name' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_prepare_error
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_ERROR);
    will_return(__wrap_sqlite3_errmsg, "error");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5570): Couldn't get from the NVD the 'specific' vulnerabilities of the package 'name'");
    expect_string(__wrap__mterror, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mterror, formatted_msg, "(5503): SQL error: 'error'");

    will_return(__wrap_sqlite3_close_v2, SQLITE_OK);

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, -1);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_name_no_vulnerable(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL,1);         //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "2.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_end_including_no_vulnerable()
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "name");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'name' not vulnerable to 'CVE-0000-0000'. Version (2.0.0) not 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_no_vulnerable()
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "name");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%2.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, 0);

    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5460): Package 'name' not vulnerable to 'CVE-0000-0000'. Version (2.0.0) not 'equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '0' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_name_vulnerable(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL,1);         //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 2);
    will_return_count(__wrap_sqlite3_column_text, "1.1.1", 2);     //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "name");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'name' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "name");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'name' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '2' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_pkg_source_version_NULL(void **state)
{
    agent_software *agent = *state;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 2);
    will_return_count(__wrap_sqlite3_column_text, "source",2);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "name", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x32", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'source' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "source");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'source' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '2' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_os_pkg_mac(void **state)
{
    agent_software *agent = *state;
    agent->dist = FEED_MAC;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "mac_os_x", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x64", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'mac_os_x' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "mac_os_x");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '1' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_app_pkg_mac_no_vendor(void **state)
{
    agent_software *agent = *state;
    agent->dist = FEED_MAC;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "safari", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x64", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 4);
    expect_string(__wrap_sqlite3_bind_text, buffer, "");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '2' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

void test_wm_vuldet_linux_nvd_vulnerabilities_app_pkg_mac_with_vendor(void **state)
{
    agent_software *agent = *state;
    agent->dist = FEED_MAC;
    sqlite3 *db = (sqlite3 *)1;
    OSHash *cve_table = (OSHash *)1;
    sqlite3_stmt *stmt = NULL;
    int *vuln_count = NULL;

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5451): Analyzing NVD vulnerabilities for agent '000'");

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "000");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value_count(__wrap_sqlite3_column_text, iCol, 0, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);     //source
    expect_value_count(__wrap_sqlite3_column_text, iCol, 1, 2);
    will_return_count(__wrap_sqlite3_column_text, "safari", 2);      //name
    expect_value_count(__wrap_sqlite3_column_text, iCol, 2, 2);
    will_return_count(__wrap_sqlite3_column_text, "0.0.0", 2);     //version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 3, 1);
    will_return_count(__wrap_sqlite3_column_text, NULL, 1);        //pkg source version
    expect_value_count(__wrap_sqlite3_column_text, iCol, 4, 2);
    will_return_count(__wrap_sqlite3_column_text, "x64", 2);       //architecture
    expect_value_count(__wrap_sqlite3_column_text, iCol, 5, 2);
    will_return_count(__wrap_sqlite3_column_text, "apple", 2);        //vendor

    //test_wm_vuldet_check_generic_package_siblings_OK
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //start_including
    expect_value(__wrap_sqlite3_column_text, iCol, 2);
    will_return(__wrap_sqlite3_column_text, NULL);      //start_excluding
    expect_value(__wrap_sqlite3_column_text, iCol, 3);
    will_return(__wrap_sqlite3_column_text, "1.0.0");   //end_including
    expect_value(__wrap_sqlite3_column_text, iCol, 4);
    will_return(__wrap_sqlite3_column_text, NULL);      //end_excluding
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 6);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 7);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 8);
    will_return(__wrap_sqlite3_column_int, 1000);       //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 9);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 10);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 11);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    //Siblings
    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_int, index, 1);
    expect_value(__wrap_sqlite3_bind_int, value, 1000);
    will_return(__wrap_sqlite3_bind_int, 0);
    expect_value(__wrap_sqlite3_bind_int, index, 2);
    expect_value(__wrap_sqlite3_bind_int, value, 0);
    will_return(__wrap_sqlite3_bind_int, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_int, iCol, 0);
    will_return(__wrap_sqlite3_column_int, 1);

    expect_sqlite3_step_call(SQLITE_DONE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'less than or equal' '1.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    //test_wm_vuldet_check_specific_package_vulnerable()

    will_return(__wrap_sqlite3_prepare_v2, SQLITE_OK);

    expect_value(__wrap_sqlite3_bind_text, pos, 1);
    expect_string(__wrap_sqlite3_bind_text, buffer, "safari");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 2);
    expect_string(__wrap_sqlite3_bind_text, buffer, "%0.0.0%");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 3);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);
    expect_value(__wrap_sqlite3_bind_text, pos, 4);
    expect_string(__wrap_sqlite3_bind_text, buffer, "apple");
    will_return(__wrap_sqlite3_bind_text, 0);

    expect_sqlite3_step_call(SQLITE_ROW);

    expect_value(__wrap_sqlite3_column_text, iCol, 0);
    will_return(__wrap_sqlite3_column_text, "CVE-0000-0000");
    expect_value(__wrap_sqlite3_column_text, iCol, 1);
    will_return(__wrap_sqlite3_column_text, "0.0.0");   //version_cmp
    expect_value(__wrap_sqlite3_column_int, iCol, 2);
    will_return(__wrap_sqlite3_column_int, 0);          //package_id
    expect_value(__wrap_sqlite3_column_int, iCol, 3);
    will_return(__wrap_sqlite3_column_int, 0);          //configuration_id
    expect_value(__wrap_sqlite3_column_int, iCol, 4);
    will_return(__wrap_sqlite3_column_int, 0);          //package_vulnerable
    expect_value(__wrap_sqlite3_column_int, iCol, 5);
    will_return(__wrap_sqlite3_column_int, 0);          //parent
    expect_value(__wrap_sqlite3_column_text, iCol, 6);
    will_return(__wrap_sqlite3_column_text, "OR");      //operator
    expect_value(__wrap_sqlite3_column_text, iCol, 7);
    will_return(__wrap_sqlite3_column_text, "vendor");  //vendor
    expect_value(__wrap_sqlite3_column_text, iCol, 8);
    will_return(__wrap_sqlite3_column_text, "*");       //target_sw

    will_return(__wrap_wm_checks_package_vulnerability, VU_VULNERABLE);

    will_return(__wrap_wm_vuldet_add_cve_node,0);
    expect_string(__wrap__mtdebug2, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug2, formatted_msg, "(5458): Package 'safari' inserted into the vulnerability 'CVE-0000-0000'. Version (0.0.0) 'equal' '0.0.0' (feed 'NVD').");

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_sqlite3_step_call(SQLITE_DONE);

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5455): The NVD found a total of '2' potential vulnerabilities for agent '000'");

    expect_string(__wrap__mtdebug1, tag, "wazuh-modulesd:vulnerability-detector");
    expect_string(__wrap__mtdebug1, formatted_msg, "(5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '000'");

    int ret = wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table);
    assert_int_equal(ret, 0);
}

/* Tests */

int main(void) {
    const struct CMUnitTest tests[] = {
        //Tests wm_vuldet_clean_version
        cmocka_unit_test_setup_teardown(test_wm_vuldet_clean_version_complete, setup_version, teardown_version),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_clean_version_no_epoch, setup_version, teardown_version),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_clean_version_no_release, setup_version, teardown_version),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_clean_version_no_epoch_release, setup_version, teardown_version),
        //Tests wm_vuldet_get_children
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_children_prepare_error, setup_children, teardown_children),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_children_done, setup_children, teardown_children),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_children_OK, setup_children, teardown_children),
        //Tests wm_vuldet_get_siblings
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_siblings_prepare_error, setup_siblings, teardown_siblings),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_siblings_done, setup_siblings, teardown_siblings),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_get_siblings_OK, setup_siblings, teardown_siblings),
        //Tests vuln-detector-unit-test
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Ubuntu),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Debian),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_wrong_Redhat),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_target_sw_not_whitelist),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_OK),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_mac_OK),
        cmocka_unit_test(test_vw_vuldet_filter_vulnerabilities_vendor_target_sw_mac_Err),
        //Tests wm_vuldet_check_generic_package
        cmocka_unit_test(test_wm_vuldet_check_generic_package_prepare_error),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_done),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_skip),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_start_including_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_start_including_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_start_excluding_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_start_excluding_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_starts_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_starts_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_end_including_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_end_including_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_end_excluding_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_end_excluding_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_ends_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_ends_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_starts_no_ends_children),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_no_children_no_siblings),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_children_invalid),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_children_OK),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_siblings_invalid),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_siblings_OK),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_ignore_package),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_error),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_duplicated_package),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_OK),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_Ubuntu),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_Debian),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_RedHat),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_linux_kernel),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_mac_os_x),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_mac_os_x_server),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_mac_os),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_macos),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_mac_no_vendor),
        cmocka_unit_test(test_wm_vuldet_check_generic_package_insert_package_mac_with_vendor),
        //Tests wm_vuldet_check_specific_package
        cmocka_unit_test(test_wm_vuldet_check_specific_package_pkg_version_NULL),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_prepare_error),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_done),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_skip),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_no_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_vulnerable),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_no_children_no_siblings),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_children_invalid),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_children_OK),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_siblings_invalid),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_siblings_OK),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_os_package_valid),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_ignore_package),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_error),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_duplicated_package),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_OK),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_Ubuntu),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_Debian),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_RedHat),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_linux_kernel),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_mac_os_x),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_mac_os_x_server),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_mac_os),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_macos),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_mac_no_vendor),
        cmocka_unit_test(test_wm_vuldet_check_specific_package_insert_package_mac_with_vendor),
        //Tests wm_vuldet_linux_nvd_vulnerabilities
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_prepare_error, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_done, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_no_source_no_name, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_source_generic_invalid, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_source_specific_invalid, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_source_no_vulnerable, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_source_vulnerable, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_name_generic_invalid, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_name_specific_invalid, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_name_no_vulnerable, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_name_vulnerable, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_pkg_source_version_NULL, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_os_pkg_mac, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_app_pkg_mac_no_vendor, setup_agent_software, teardown_agent_software),
        cmocka_unit_test_setup_teardown(test_wm_vuldet_linux_nvd_vulnerabilities_app_pkg_mac_with_vendor, setup_agent_software, teardown_agent_software),
    };
    return cmocka_run_group_tests(tests, NULL, NULL);
}
